Fortinet security patch release for CVE-2025-64155
Security Patch Release
Summary
Hide ▲
Show ▼
Fortinet released security updates for FortiSIEM and FortiFone, closing critical vulnerabilities that could let unauthenticated attackers achieve code execution or expose device configuration on affected systems. The FortiSIEM flaw, CVE-2025-64155, impacts specific Super and Worker nodes and was rated 9.4/10.0. A separate FortiFone issue, CVE-2025-47855, could leak configuration data through a crafted HTTP(S) request. Fortinet also advised customers to upgrade affected releases and, for CVE-2025-64155, restrict access to phMonitor port 7900.
Related Happenings
FortiBleed multi-vendor brute-force wave
Exploitation Wave
H score75
First: 23.06.2026 21:20
Last: 23.06.2026 21:20
Sources 1
About this happening:
A **multi-vendor brute-force wave** tied to **FortiBleed** is hitting **Fortinet, Synology, Sophos, Citrix, RDWeb, and MS-SQL** targets, expanding the risk from one firewall-focus...
FortiBleed multi-vendor brute-force wave
Exploitation WaveAbout this happening: A **multi-vendor brute-force wave** tied to **FortiBleed** is hitting **Fortinet, Synology, Sophos, Citrix, RDWeb, and MS-SQL** targets, expanding the risk from one firewall-focus...
Fortinet security patch release for CVE-2026-39813
Security Patch Release
H score41
First: 16.06.2026 12:19
Last: 16.06.2026 12:19
Sources 1
About this happening:
**Fortinet** released **April 14** security updates for **FortiSandbox**, covering **CVE-2026-39813**, **CVE-2026-39808**, and **CVE-2026-25089**. The patch release fixes **three...
Fortinet security patch release for CVE-2026-39813
Security Patch ReleaseAbout this happening: **Fortinet** released **April 14** security updates for **FortiSandbox**, covering **CVE-2026-39813**, **CVE-2026-39808**, and **CVE-2026-25089**. The patch release fixes **three...
Fortinet FortiSandbox multi-CVE exploitation wave
Exploitation Wave
H score49
First: 16.06.2026 12:19
Last: 16.06.2026 12:19
Sources 1
About this happening:
**Fortinet FortiSandbox** is facing an **active exploitation wave** that puts **affected deployments** at risk of **unauthenticated remote code execution** and **privilege escalat...
Fortinet FortiSandbox multi-CVE exploitation wave
Exploitation WaveAbout this happening: **Fortinet FortiSandbox** is facing an **active exploitation wave** that puts **affected deployments** at risk of **unauthenticated remote code execution** and **privilege escalat...
CISA KEV mitigation for LiteSpeed cPanel Plugin (CVE-2026-54420)
Advisory/Mitigation
H score38
First: 16.06.2026 08:41
Last: 16.06.2026 08:41
Sources 1
About this happening:
CISA put **CVE-2026-54420** in **LiteSpeed cPanel Plugin** on the **KEV catalog**, ordering **FCEB agencies** to apply fixes by **June 18, 2026**. The flaw is a **CVSS 8.5 privile...
CISA KEV mitigation for LiteSpeed cPanel Plugin (CVE-2026-54420)
Advisory/MitigationAbout this happening: CISA put **CVE-2026-54420** in **LiteSpeed cPanel Plugin** on the **KEV catalog**, ordering **FCEB agencies** to apply fixes by **June 18, 2026**. The flaw is a **CVSS 8.5 privile...
Fortinet security patch release for CVE-2026-25089
Security Patch Release
H score44
First: 10.06.2026 18:10
Last: 10.06.2026 18:10
Sources 1
About this happening:
**Fortinet**, **Ivanti**, and **SAP** released **security updates** that address multiple **critical vulnerabilities** across **FortiSandbox**, **Ivanti Sentry**, and **SAP** prod...
Fortinet security patch release for CVE-2026-25089
Security Patch ReleaseAbout this happening: **Fortinet**, **Ivanti**, and **SAP** released **security updates** that address multiple **critical vulnerabilities** across **FortiSandbox**, **Ivanti Sentry**, and **SAP** prod...
Latest development: 11.06.2026 09:20
Shadowserver reported large-scale exploitation attempts against Internet-exposed Ivanti Sentry gateways after CVE-2026-10520 was patched in R10.5.2, R10.6.2, and R10.7.1, saying it saw 19 vulnerable instances and at least 2 backdoored systems and warning that unpatched devices were most likely compromised.
Timeline
-
14.01.2026 02:00 3 articles · 5mo ago
Fortinet releases fixes for FortiSIEM and FortiFone
Mitigation Patch UpdateFortinet released updates on January 14, 2026 to fix CVE-2025-64155 in FortiSIEM and CVE-2025-47855 in FortiFone, providing fixed releases for affected versions and recommending that customers restrict access to phMonitor port 7900 while upgrading.
Show sources
- Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution — thehackernews.com — 14.01.2026 13:53
- Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution — thehackernews.com — 14.01.2026 13:53
- Hackers now exploiting critical Fortinet FortiSIEM flaw in attacks — www.bleepingcomputer.com — 16.01.2026 12:29
-
14.08.2025 03:00 1 articles · 10mo ago
Horizon3.ai reports FortiSIEM CVE-2025-64155
Initial DisclosureHorizon3.ai researcher Zach Hanley reported CVE-2025-64155 in FortiSIEM on August 14, 2025, describing an OS command injection flaw in phMonitor that could let an unauthenticated attacker execute unauthorized code or commands via crafted TCP requests and chain arbitrary file write with privilege escalation on affected Super and Worker nodes.
Show sources
- Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution — thehackernews.com — 14.01.2026 13:53